Security

Privacy Policy

How we protect and handle your data with enterprise-grade security

Last updated: August 31, 2025

Core Principles

🔒
Zero-Trust
End-to-end encryption
🏢
Enterprise
GDPR/HIPAA/SOX ready
👤
User Control
Your data, your choice

1. Data We Collect

Account Information

Email, name, authentication tokens for Google/GitHub OAuth

Usage Data

Commands executed, API calls, performance metrics (anonymized)

Technical Data

IP address, browser info, device characteristics for security

2. How We Use Data

  • Provide and improve MARIA OS services
  • Authenticate and authorize access
  • Monitor system performance and security
  • Generate anonymized usage analytics
  • Comply with legal obligations

We NEVER:

  • Sell your personal data to third parties
  • Use your code for training external foundation models
  • Share sensitive data without consent

3. Data Protection

Encryption

AES-256 encryption at rest, TLS 1.3 in transit

Access Control

Role-based permissions, multi-factor authentication

Monitoring

24/7 security monitoring, audit logging, incident response

4. Your Rights

Under GDPR and other privacy laws, you have the right to:

  • Access: Request copies of your data
  • Rectification: Correct inaccurate data
  • Erasure: Delete your account and data
  • Portability: Export your data
  • Objection: Opt out of certain processing

5. Third-Party Services

We integrate with trusted services:

Authentication

Google OAuth, GitHub OAuth

Payment

Stripe (PCI DSS compliant)

Infrastructure

Google Cloud Platform

Analytics

Firebase Analytics (anonymized)

Questions About Privacy?

We take privacy seriously. Contact our Data Protection Officer for any questions about how we handle your data.

Contact Privacy Team